eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/tools/pulumi.md

53 lines
1.5 KiB
Markdown
Raw Normal View History

Add reference/tools/ category with Dagger, ArgoCD CLI, Ansible, and Pulumi cards (#178) ## Summary - Create `docs/reference/tools/` with four reference cards: Dagger (build engine), ArgoCD CLI (deployment workflows), Ansible (config management), and Pulumi (DNS/Tailscale IaC) - Move `ansible/roles.md` → `tools/ansible.md`, broadened with CLI patterns and dry-run usage - Update `reference.md` index: add "Tools" section, remove old "Ansible" section - Update `update-documentation.md` to reflect Dagger build process (workflow steps, manual build recipe, runner environment) - Update `adopt-dagger-ci.md` plan to note how-to articles were handled via reference card + existing how-to updates - Fix all broken `[[roles]]` wiki-links across 5 files → `[[ansible]]` ## Verification - `docs-check-links` ✓ — no broken wiki-links - `docs-check-index` ✓ — all docs referenced in category index - `docs-check-filenames` ✓ — no duplicate filenames - All pre-commit hooks pass Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/178
2026-02-12 19:18:46 -08:00
---
title: Pulumi
modified: 2026-02-12
tags:
- reference
- iac
- pulumi
---
# Pulumi
Infrastructure-as-Code for DNS and Tailscale ACL management. Two independent projects, both using the Python SDK with uv toolchain.
## Projects
| Project | Stack | Source | Manages |
|---------|-------|--------|---------|
| `blumeops-dns` | `eblu-me` | `pulumi/gandi/` | DNS records for `eblu.me` via Gandi LiveDNS |
| `blumeops-tailnet` | `tail8d86e` | `pulumi/tailscale/` | ACL policy, device tags, auth keys |
### DNS (`blumeops-dns`)
Manages `*.ops.eblu.me` wildcard and base records pointing to [[indri]]'s Tailscale IP, plus public CNAME records for services routed via [[flyio-proxy]].
### Tailnet (`blumeops-tailnet`)
Manages the ACL policy (`policy.hujson`), device tags for [[indri]] and [[sifaka]], and auth keys for the Fly.io proxy.
## CLI Patterns
All operations use mise tasks that wrap `pulumi` with the correct stack and working directory:
```bash
# DNS
mise run dns-preview # Preview DNS changes
mise run dns-up # Apply DNS changes
# Tailscale
mise run tailnet-preview # Preview ACL/tag changes
mise run tailnet-up # Apply ACL/tag changes
```
## Authentication
- **Gandi**: `GANDI_PERSONAL_ACCESS_TOKEN` environment variable
- **Tailscale**: `TAILSCALE_API_KEY` environment variable
- **Pulumi state**: Local backend (no Pulumi Cloud)
## Related
- [[gandi]] — DNS hosting
- [[tailscale]] — Tailnet configuration
- [[routing]] — How DNS records map to services
Reference in a new issue Copy permalink